  1. Directory Client API
  2. DIRAPI-348

NPE when Api decodes bind response from OpenDJ server 6.0


Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.0.0.AM3
    • 2.1.1
    • None
    • https://docs.ldap.com/specs/draft-vchu-ldap-pwd-policy-00.txt - Chapter 10

      10. Password Change After Reset

      This policy forces the user to select a new password on first bind or
      after password reset. After bind operation succeed with authentication,
      the server should check if the password change after reset policy is on
      and this is the first time logon. If so, the server should send
      bindResponse with the resultCode: LDAP_SUCCESS, and should include the
      password expired control in the controls field of the bindResponse
      message:

          controlType: 2.16.840.1.113730.3.4.4,

          controlValue: an octet string: "0",

          criticality: false

      After that, for any operation issued by the user other than modify
      password, bind, unbind, abandon, or search, the server should send the
      response message with the resultCode: LDAP_UNWILLING_TO_PERFORM, and
      should include the password expired control in the controls field of the
      response message:

          controlType: 2.16.840.1.113730.3.4.4,

          controlValue: an octet string: "0",

          criticality: false

    Description

      Users can use our application to reset their password, even if they do not know their old one.

      In the first step, the application resets the password and uses the temporary password for the bind request with the intention to change the password.

      During the decoding of the response, there is a control sent back, for which there is no factory defined, and a NullPointerException is thrown.

      This is the control in question:

      controlType: 2.16.840.1.113730.3.4.4, controlValue: an octet string: "0", criticality: false

      Attached are the stack trace and implementation ideas for a new control.

      Attachments

        1. ApacheLdapConnectionPool.java
          5 kB
          Jan Zelmer
        2. stacktrace-illegal-pool.txt
          7 kB
          Jan Zelmer
        3. stacktrace.txt
          4 kB
          Jan Zelmer
        4. PasswordExpiredResponse.java
          0.2 kB
          Jan Zelmer
        5. PasswordExpiredResponseImpl.java
          0.7 kB
          Jan Zelmer
        6. PasswordExpiredResponseFactory.java
          1 kB
          Jan Zelmer
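
The report above describes a response control with no registered factory ending in a NullPointerException during decoding. The Java below is an added example, not the Directory Client API's code and not the attached PasswordExpiredResponse* files; all class and method names are hypothetical. It shows a factory registry that falls back to an opaque control for unregistered OIDs and decodes the password expired control from the quoted draft, so the application can tell that the bind succeeded but a password change is required.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;

// Hypothetical names throughout; not the Directory Client API's classes.
public class ResponseControlDecoding {
    static final String PASSWORD_EXPIRED_OID = "2.16.840.1.113730.3.4.4";

    interface Control { String oid(); boolean critical(); }

    // Fallback for any control type without a registered factory: keep the raw value.
    record OpaqueControl(String oid, boolean critical, byte[] value) implements Control {}

    // Typed form of the password expired control quoted in the issue.
    record PasswordExpired(String oid, boolean critical) implements Control {}

    // Per-OID factories; a missing entry must never surface as a null dereference.
    static final Map<String, BiFunction<Boolean, byte[], Control>> FACTORIES =
        Map.of(PASSWORD_EXPIRED_OID, ResponseControlDecoding::decodePasswordExpired);

    static Control decodePasswordExpired(boolean critical, byte[] value) {
        String text = value == null ? "" : new String(value, StandardCharsets.UTF_8);
        // The draft specifies the octet string "0"; anything else stays opaque.
        return "0".equals(text)
            ? new PasswordExpired(PASSWORD_EXPIRED_OID, critical)
            : new OpaqueControl(PASSWORD_EXPIRED_OID, critical, value);
    }

    static Control decode(String oid, boolean critical, byte[] value) {
        BiFunction<Boolean, byte[], Control> factory = FACTORIES.get(oid);
        // RFC 4511: criticality is ignored on response controls, so an unknown
        // type is preserved as opaque instead of failing the whole response.
        return factory == null ? new OpaqueControl(oid, critical, value)
                               : factory.apply(critical, value);
    }

    // Successful bind plus this control means the user must change the password next.
    static boolean mustChangePassword(boolean bindSucceeded, List<Control> controls) {
        return bindSucceeded && controls.stream().anyMatch(c -> c instanceof PasswordExpired);
    }

    public static void main(String[] args) {
        byte[] zero = "0".getBytes(StandardCharsets.UTF_8);
        // Constructed sample input: the control from the issue plus an unregistered OID.
        List<Control> controls = List.of(
            decode(PASSWORD_EXPIRED_OID, false, zero),
            decode("1.3.6.1.4.1.99999.1", false, new byte[0]));
        System.out.println(controls.get(1).getClass().getSimpleName());
        System.out.println(mustChangePassword(true, controls));
    }
}
```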

        Activity

          People

            Unassigned
            Alunisiira Jan Zelmer